ClawHub

doubao-tts

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate cloud text-to-speech skill, but it under-discloses that text and credentials are sent to a third-party service and uses broad triggers that could invoke it unexpectedly.

Install only if you are comfortable sending the text you ask it to read to Volcengine/Bytedance. Treat the access token as a secret, restrict the config file permissions, keep it out of backups and repositories, and avoid using broad read-aloud commands for confidential content unless the skill adds confirmation or clearer scoping.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to place a long-lived Access Token in a plaintext local config file under their home directory, but gives no warning about credential sensitivity, file permissions, rotation, or exclusion from backups/version control. That increases the chance of accidental disclosure through shared machines, backups, screenshots, shell history, or permissive filesystem access, which could allow unauthorized use of the TTS service.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes very broad everyday phrases such as '朗读', '读出来', and '播放这段', which can cause the skill to activate on ordinary requests that do not clearly imply consent to use this specific third-party TTS integration. Because activation results in sending user text to an external service, accidental triggering materially increases privacy and cost risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill description explains how to synthesize speech but does not clearly warn that the input text will be sent to Volcengine/Bytedance servers for processing. Users may provide sensitive or confidential text under the assumption that processing is local, creating a meaningful privacy and compliance issue.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes very generic phrases such as '朗读', '转语音', '读出来', and '播放这段', which can easily appear in normal conversation or unrelated requests. In an agent environment, overly broad triggers can cause unintended invocation of this skill, potentially sending user text to an external TTS service and producing unexpected actions or data exposure.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
api_url="https://openspeech.bytedance.com/api/v1/tts"

response=$(curl -s -X POST "$api_url" \
  -H "Authorization: Bearer;$access_token" \
  -H "Content-Type: application/json" \
  -d "$json_payload")
Confidence
97% confidence
Finding
curl -s -X POST "$api_url" \ -H "Authorization: Bearer;$access_token" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
)

# 发送请求
response=$(curl -s -X POST "https://openspeech.bytedance.com/api/v1/tts" \
  -H "Authorization: Bearer;$access_token" \
  -H "Content-Type: application/json" \
  -d "$json_payload")
Confidence
97% confidence
Finding
curl -s -X POST "https://openspeech.bytedance.com/api/v1/tts" \ -H "Authorization: Bearer;$access_token" \ -H "Content-Type: application/json" \ -d

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
91% confidence
Finding
Using a very short and generic trigger like '朗读' increases the chance of unintended activation during ordinary conversation. In this skill, accidental activation is more significant because it can lead to external transmission of text and unexpected API usage.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal